feat: Add private endpoint to retrieve OpenRouter API key with authorization check

api_service/api_server.py

@@ -68,6 +68,7 @@ class ApiSettings(BaseSettings):
 
     # Secret key for AI Moderation API endpoint
     MOD_LOG_API_SECRET: Optional[str] = None
+    AI_API_KEY: Optional[str] = None
 
     model_config = SettingsConfigDict(
         env_file=dotenv_path,
@@ -2826,6 +2827,19 @@ async def delete_token_by_user_id(user_id: str):
 
 # Note: Server shutdown is now handled by the lifespan context manager above
 
+@app.post("/openrouter-key", response_class=PlainTextResponse)
+async def update_gurt_stats_internal(request: Request):
+    """private endpoint return openrouter api key"""
+    global latest_gurt_stats
+    # Basic security check
+    auth_header = request.headers.get("Authorization")
+    # Use loaded setting
+    if not settings.MOD_LOG_API_SECRET or not auth_header or auth_header != f"Bearer {settings.MOD_LOG_API_SECRET}":
+        print("Unauthorized attempt to access OpenRouter key.")
+        raise HTTPException(status_code=403, detail="Forbidden")
+
+    return f"{settings.AI_API_KEY}"
+
 # ============= Gurt Stats Endpoints (IPC Approach) =============
 
 # --- Internal Endpoint to Receive Stats ---